Create an alert clustering definition

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Define alert clustering conditions to trigger one or more alert clustering tags, which help create alert groups from fewer alerts. Creating alert groups from fewer alerts reduces noise, making it easier to identify critical incidents, prioritize responses, and manage issues effectively.

    Before you begin

    Role required: evt_mgmt_admin

    About this task

    To create a tag def users need to use filter to define on which alerts the definition will apply and define a grouping criteria by specifying which field values should be compared to create a group.

    To group alerts using tag-based grouping, you can also create a grouping automation in Service Operations Workspace. For more information, see Create Group automation.

    Procedure

    1. Navigate to All > Event Management > Tag Based Alert Clustering Engine > Alert Clustering Definitions.
    2. Select New.
    3. Configure the fields on the Event Management tag based alert grouping definition form.
    4. Select Save.

    Result

    The definition appears in the Tag Based Alert Clustering Definitions table and Service Operations Workspace (ITOM) > Grouping automation. Alert groups created by this definition are categorized as Tag Cluster groups.